TNSM Searchable Index

Author(s)	Title	Year	Issue	Keywords
Xin Li, Yongli Zhao, Xiaosong Yu, Hua Wang, Wei Chen, Shuang Wang, Jie Zhang	Joint Bandwidth and Key On Demand (BKoD) Provisioning for Dynamic Service of Optical Transport Networks in F6G	2024	Early Access	Bandwidth and key on demand dynamic service optical transport network	In the sixth-generation fixed network (F6G), network security becomes an important topic. Encryption is an effective method to prevent network attacks and realize network security. Quantum key distribution (QKD) is a promising technology to effectively address the challenge by providing secret keys due to the laws of quantum physics. New services such as high immersion experience and holographic have the characteristics of time-varying bandwidth and requirements. The introduction of optical service unit (OSU) technology makes it possible to provide the exact bandwidth used by the service. In optical transport networks, a lightpath needs to be established before service transmission, and will be removed after service transmission. Signaling is used for lightpath establishment, removal, and bandwidth adjustment. Data information transmitted in data layer and signaling information transmitted in control layer are highly vulnerable to cyberattacks, such as eavesdropping. The supply of bandwidth and key resources need to be optimized to achieve secure and stable service transmission in optical networks. Hence, how to realize bandwidth and key on demand (BKoD) provisioning for dynamic services is a key problem. To improve the flexibility of bandwidth and key resource allocation and utilization, a QKD-secured OSU-based optical transport network can be deployed. In this paper, a novel QKD-secured OSU-based optical transport network architecture is proposed and a service aware dynamic resource provisioning (SADRP) algorithm is proposed to realize BKoD. The proposed architecture uses the QKD technique to provide keys for both signaling information and data information for the first time. The proposed algorithm supplies resources according to the dynamic demand of bandwidth and key, so as to achieve the balance between dynamic demand and static resource utilization. Simulations results show that compared with the benchmark algorithm, the SADRP algorithm reduces blocking probability by 4.16%, reduces bandwidth resource utilization rate by 4.39%, reduces key resource utilization rate by 3.48%, and improves security rate by 4.17%.	10.1109/TNSM.2024.3387758
Ahmed Barnawi, Prateek Chhikara, Rajkumar Tekchandani, Neeraj Kumar, Bander Alzahrani	A Differentially Privacy Assisted Federated Learning Scheme to Preserve Data Privacy for IoMT Applications	2024	Early Access	Computer Vision Differential Privacy Ensemble Learning	The rapid development of Artificial Intelligence (AI) has had a significant impact on various industries, including healthcare. The Internet of Medical Things (IoMT) has played a vital role in this evolution. However, while AI has contributed to many benefits in healthcare, concerns about data privacy and security persist. To address these concerns, we propose a framework that combines Federated Learning (FL) and Differential Privacy (DP) to enhance data protection within IoMT. By integrating FL’s decentralized approach with DP’s mechanism to prevent data reconstruction from model outputs, we can improve data confidentiality. This integrated approach is used to develop and analyze high-performing Convolutional Neural Networks (CNNs) for detecting Tuberculosis using chest X-ray datasets. The framework undergo thorough performance evaluation, utilizing various metrics to establish its superiority over baseline models. The results demonstrate the effectiveness of our framework as a robust solution for secure and private AI applications in healthcare.	10.1109/TNSM.2024.3393969
Huihui Wang, Chunping Wang, Kun Zhou, Duanyang Liu, Xiaoli Zhang, Hongbing Cheng	TEBChain: A Trusted and Efficient Blockchain-Based Data Sharing Scheme in UAV-Assisted IoV for Disaster Rescue	2024	Early Access	Disasters Blockchains Costs	The destruction of communication infrastructure after a disaster makes it impossible for vehicles to timely transmit important data, such as casualty locations, road conditions and rescue demands, which brings great difficulties to ensure safe driving and efficient rescue. Some existing schemes have proposed the use of Unmanned Aerial Vehicles (UAVs) to assist data sharing in the Internet of Vehicles (IoV) to perform instant rescue missions. However, the untrusted network environment after the disaster and the mutual unbelief among rescue vehicles lead to potential security problems in data sharing between vehicles and UAVs. In addition, some selfish or malicious participants may disseminate meaningless or false data, which will not only waste valuable rescue resources in disaster areas but also may threaten the safety of rescue workers. To overcome these challenges, we propose TEBChain, a trusted and efficient data sharing scheme based on blockchain. In TEBChain, a blockchain-based lightweight framework is first designed to guarantee effective data sharing and record all abnormal behavior. Then, we present an improved key update mechanism based on the Boneh-Lynn-Shacham (BLS) threshold signature, which can ensure the trust of shared data among frequently moving vehicles. Furthermore, to facilitate consensus and reduce communication overhead, a lightweight and secure PBFT (LS-PBFT) consensus protocol is proposed to enable efficient rescue of vehicles and UAVs. Finally, the effectiveness and feasibility of our proposed TEBChain are validated through performance comparisons and simulation experiments.	10.1109/TNSM.2024.3394162
Changhao Qiu, Bangbang Ren, Lailong Luo, Guoming Tang, Deke Guo	SFCPlanner: An Online SFC Planning Approach With SRv6 Flow Steering	2024	Early Access	Routing IP networks Planning	Each flow usually needs to traverse a specific service function chain (SFC), which is composed of multiple network functions implemented through virtualization technology or hardware, before reaching their destinations. All network functions are deployed across commodity nodes inside a network environment. Each flow needs to change its default routing path to visit the corresponding SFC correctly. These changed routing paths will cause network load imbalance. Therefore, an intelligent routing planning method is needed to balance the traffic load while satisfying various SFC requirements of different flows. In this paper, we propose to leverage SRv6, a new routing technology, to centrally plan the routing path for each flow with any SFC request. We then present a general model of the SFC planning problem (SFCP), planning flows’ routing paths to minimize the maximum link utilization of the network, and prove that the problem is NP-hard. For this reason, we transform the SFCP problem into a graph theory optimization problem and propose SFCPlanner, an online SFC planning method based on deep reinforcement learning. Moreover, we design the node mask and incremental training mechanisms to make SFCPlanner achieve better performance. The experiment results show that our SFCPlanner can solve the SFCP problem in large-scale networks more precisely. It can reduce the maximum link utilization by 32% compared with the benchmark algorithm while ensuring each flow traverses the correct SFC.	10.1109/TNSM.2024.3392945
Cheng Ren, Jiangping Zhang, Yu Wang, Yaxin Li	On Efficient VNF-FG Design in IoT Networks	2024	Early Access	Switches Heuristic algorithms Internet of Things	In recent times, it has been witnessed that an increasing number of Internet connected devices impose an huge challenge on Internet of Thing (IoT) networks, which provides diverse and complex network services through edge computing empowered IoT terminals. A network service can be formally represented by Virtualized Network Function Forwarding Graph (VNF-FG) with the advent of Network Function Virtualization (NFV) technology. Previous researches mainly focus on VNF-FG embedding (VNF-FGE) and take VNF-FG as the input. In this paper, we investigate the design of VNF-FG, which is required to be a Directed Acyclic Graph (DAG) and achieved by the IoT terminal, in two scenarios. In static scenario, for a set of traffic flows arriving at the IoT terminal and requesting different network services, an ILP model Ps including loop prevention constraints is well formulated. An approximation algorithm AFGC with competitive ratio O(1+(\|R\|-1)α), α (0, 1) is then designed, which thoroughly search all key instances to run comprehensive loop break. In dynamic scenario for a flow request on the fly reaching an IoT terminal, an ILP model Pd and another approximation algorithm DFGU with a competitive ratio O(1 + \|SCr\|\|Fr\| ) are developed, giving priority to reuse of existing topology to generate an augmented VNF-FG of minimum size. Simulation results indicate AFGC and DFGU outperform state-of-art work, and the gap between each of the two algorithms and their respective ILP models is marginal.	10.1109/TNSM.2024.3392976
Yingchun Cui, Jinghua Zhu	MChain-SFFL: Multi-Chain Aggregation Privacy-Preserving for Server-Free Federated Learning	2024	Early Access	Privacy Computational modeling Servers	Federated Learning is a distributed learning paradigm that allows multiple organizations or devices to train a global model collaboratively in a privacy-preserving manner. However, there still exists privacy leakage risks due to the curious or dishonest server. In this paper, we propose a novel server-free federated learning paradigm named MChain-SFFL, which utilizes parallel multi-chain aggregation to mitigate privacy leakage risks and enhance convergence speed. First, MChain-SFFL randomly selects multiple users as chain heads. Then, MChain-SFFL utilizes parallel multi-chain communication mechanism to transmit the masked local model parameters. Finally, every chain head computes the model update for that chain and sends it to the other users. Upon receiving updates from all other chains, each user aggregates the received parameters to generate the model update for the current round. We validate the superiority of our method in accuracy and convergence speed on both image datasets and text datasets. Experimental results show that MChain-SFFL achieves superior privacy protection without impairing model accuracy and exhibits robustness to Non-IID data.	10.1109/TNSM.2024.3393246
David Tipper, Amy Babay, Balaji Palanisamy, Prashant Krishnamurthy	Network Connectivity Resilience in Next Generation Backhaul Networks: Challenges and Future Opportunities	2024	Early Access	Wireless communication Resilience Hardware	Next generation cellular networks are expected to enable a wide range of new applications, increasing societal dependence on the network infrastructure and requiring a higher level of resilience than current networks. In this paper, we consider the challenges network operators face in providing end-to-end connections across the backhaul part of the cellular network in the face of equipment failures and power outages. In particular, we discuss the impact of the move to commodity hardware, disaggregation of the radio access network, edge computing, densification of the network, and the increased electric power requirements on resilience. Techniques and research directions for overcoming the challenges are presented. This includes thinking beyond methods for a single network operator including cooperative operator techniques and extending resilient overlays to the wireless edge.	10.1109/TNSM.2024.3392857
Yan-Xia Chang, Qing Wang, Quan-Lin Li, Yaqian Ma, Chi Zhang	Performance and Reliability Analysis for PBFT-Based Blockchain Systems With Repairable Voting Nodes	2024	Early Access	Blockchains Protocols Reliability theory	In a practical blockchain system based on the Practical Byzantine Fault Tolerance (PBFT) protocol, the voting nodes can fail at any time due to non-Byzantine errors, such as autonomous shutdowns, device crashes, and communication link failures caused by mobility or obstacles. These errors may cause voting nodes to exit the PBFT-based blockchain system unpredictably, resulting in a variable number of voting nodes available at any given time. To maintain optimal performance and consistency while adapting a PBFT-based blockchain system to this dynamic change, this paper proposes an extension to the PBFT protocol by introducing a repair process for failed nodes. The new PBFT-based blockchain system with repairable voting nodes is then analyzed for performance and reliability analysis by using multi-dimensional Markov processes, queueing theory, and the first passage time method. Additionally, we validate the accuracy of our theoretical findings by conducting numerical examples and simulation experiments. These experiments demonstrate that the introduction of a repair process can improve the performance and reliability of the PBFT-based blockchain system. Furthermore, we illustrate how various system parameters impact the performance measures of the PBFT-based blockchain system with repairable voting nodes. We hope that the methodology and results presented in this paper will establish a common framework for deriving theoretical analysis of existing PBFT-based blockchain systems and inspire future research efforts in this field.	10.1109/TNSM.2024.3384506
Joongheon Kim, Soohyun Park, Soyi Jung, Carlos Cordeiro	Cooperative Multi-UAV Positioning for Aerial Internet Service Management: A Multi-Agent Deep Reinforcement Learning Approach	2024	Early Access	Autonomous aerial vehicles Reliability Wireless communication	This paper proposes a novel multi-agent deep reinforcement learning (MADRL)-based positioning algorithm for multiple unmanned aerial vehicles (UAVs) collaboration in mobile access applications where the UAVs work as mobile base stations. The primary objective of the proposed algorithm is to establish reliable mobile access networks for vehicle-to-everything (V2X) communications. This paper jointly considers energy-efficient UAV operation and reliable wireless communication services for realizing robust mobile access services. For the energy-efficient UAV operation, the reward function formulation of our proposed MADRL algorithm contains the features for UAV energy consumption models in order to realize efficient operations. Furthermore, for the reliable wireless communication services, the quality of service (QoS) requirements of individual users are considered as a part of reward function. Furthermore, this paper considers 60, GHz millimeter-wave (mmWave) mobile access for utilizing the benefits of i) ultra-wide-bandwidth for multi-Gbps high-speed communications and ii) high-directional communications for spatial reuse that is obviously good for avoiding interference among densely deployed users. Lastly, the comprehensive and data-intensive performance evaluation of the proposed MADRL-based algorithm for multi-UAV positioning is conducted. The results of these evaluations demonstrate that the proposed algorithm outperforms other existing algorithms.	10.1109/TNSM.2024.3392393
Friedrich Altheide, Simon Buttgereit, Michael Rossberg	Increasing Resilience of SD-WAN by Distributing the Control Plane [Extended Version]	2024	Early Access	Logic gates Wide area networks Bandwidth	Modern WAN interconnects utilize SD-WAN to automatically respond to network changes and improve link utilization, latency, and availability. Therefore, they incorporate controllers with a centralized view, which collect network state from managed gateways, calculate suitable forwarding actions, and distribute them accordingly. However, this limits the robustness and availability of the network control plane, especially in the event of node or partial network outages. In this paper, we propose a distributed and highly robust SD-WAN control plane without any central or regional controller. Our solution can handle arbitrary device failures as well as network partitioning. The distributed forwarding decisions are based on user-defined, dynamically evaluated path cost functions, and consider not only path quality but also quality fluctuations. The evaluation shows that our approach can handle several thousand SD-WAN gateways and hundreds of network policies in terms of computation. Further, the communication overhead introduced due to its distributed architecture is discussed and shown to be negligible compared to a central approach. This paper is an extended version of our work published in altheide2023. It describes the information transmitted between sites as well as a strategy for deploying policies, discusses approaches reducing communication bandwidth, introduces grouping of multiple flows without requiring explicit coordination, and provides a detailed analysis of the bandwidth required.	10.1109/TNSM.2024.3386962
Yuanyuan Fu, Jian Xu	LogTransformer: Transforming IT System Logs Into Events Using Tree-Based Approach	2024	Early Access	Servers Vectors Source coding	As an important outcome of complex IT systems in operation, logs provide valuable information for system operation and maintenance. Log event (or template) extraction plays a vital role in log analysis, as its accuracy significantly impacts follow-up tasks such as log anomaly detection and event pattern discovery. Despite achieving high accuracy on specific system logs, existing log event extraction approaches still struggle with low accuracy and instability when handling logs from heterogeneous systems or logs with variable-length parameters. To address these issues, this paper proposes LogTransformer, an online event extraction approach based on a tree structure. A tree-based log content parsing approach is proposed to perform log event extraction by comparing the similarity between a log tree representing an incoming log message and an event tree representing a specific log template. Extensive experiments are conducted on sixteen benchmark log datasets to evaluate the effectiveness, robustness, and efficiency of the proposed approach. The experimental results demonstrate that an average accuracy exceeds 90%, surpassing the state-of-the-art online log parser, Drain.	10.1109/TNSM.2024.3391290
Fahime Khoramnejad, Aisha Syed, W. Sean Kennedy, Melike Erol-Kantarci	Energy and Delay Aware General Task Dependent Offloading in UAV-Aided Smart Farms	2024	Early Access	Task analysis Internet of Things Autonomous aerial vehicles	Edge computing offers a promising solution to enhance network reliability. In this study, we investigate the integration of mobile edge computing (MEC) technology and unmanned aerial vehicles (UAVs) within the context of smart agriculture. Smart agriculture relies on resource-constrained Internet of Things (IoT) devices for local environmental monitoring and data collection. These IoT devices send the collected data to UAVs for analysis. A central theme of this work is the focus on the applications generated by each UAV and the consideration of their topology to derive our optimization algorithm. To tackle these challenges, we propose harnessing the computational and power resources of UAVs and MEC at the network’s edge to offload and execute resource-intensive tasks in UAV-MEC-assisted networks. Our research focuses on the joint optimization of power allocation and task offloading in these wireless networks. Central to our investigation is the problem of minimizing the energy-time cost (ETC) for the UAVs, considering the interdependencies among tasks. To address this complex problem efficiently, we introduce graph convolutional neural networks (GCNs) and reinforcement learning (RL)-based techniques. We employ a directed acyclic graph (DAG) to model task interdependencies, with GCNs characterizing the DAG. Our approach incorporates an actor-critic method with embedding layers, trained using the compound-action actor-critic (CA2C) algorithm. Our findings reveal a significant improvement in minimizing both delay and energy consumption, with a 27% percent reduction in delay and a 45% reduction in consumed energy for executing complex, interdependent tasks.	10.1109/TNSM.2024.3391664
Yuping Lai, Yiying Yu, Wenbo Guan, Lijuan Luo, Jing Fan, Nanrun Zhou, Yuan Ping	A Lightweight Intrusion Detection System Using a Finite Dirichlet Mixture Model With Extended Stochastic Variational Inference	2024	Early Access	Computational modeling Training Feature extraction	With the rapid development of the internet worldwide, network security issues are becoming increasingly prominent. Network intrusion detection systems (NIDSs) play a vital role in ensuring computer network security due to their ability to identify potential network threats. Despite considerable research efforts, deploying NIDSs on resource-constrained devices has been challenging. To reduce the imposed computational cost and model storage requirements, in this paper, we propose a novel lightweight NIDS model. In this model, patterns of normal and malicious actions are learned via a finite Dirichlet mixture model (DMM) in the context of the extended stochastic variational inference (ESVI) framework. With the proposed method, both the parameter estimation and model selection processes can be simultaneously addressed in a unified Bayesian framework. A great number of experiments conducted on three publicly available datasets demonstrate that the proposed model not only achieves comparable classification performance to that of detection models based on several well-studied finite mixture modeling, traditional machine learning (ML) and promising deep learning (DL) algorithms but also significantly reduces the required training and detection time. Extensive experimental results validate that the proposed model is a feasible and efficient lightweight intrusion detection model.	10.1109/TNSM.2024.3391250
Chen Chen, Jiabao Si, Huan Li, Wei Han, Neeraj Kumar, Stefano Berretti, Shaohua Wan	A High Stability Clustering Scheme for the Internet of Vehicles	2024	Early Access	Magnetic heads Clustering algorithms Heuristic algorithms	In existing research on cluster head selection schemes in the Internet of Vehicles (IoV), designing a stable cluster structure poses a significant challenge. Choosing a centrally-located cluster head that can respond rapidly is crucial for meeting various requirements. To address the aforementioned challenges, this paper introduces a machine learning-based IoV cluster head selection scheme (HSCS). We introduce a new metric termed N-cycle Average Virtual Cluster Delay (XTn) for appropriate cluster head selection. To accommodate the high dynamism of vehicles, a machine learning model is integrated to predict cluster head selection metrics across different periods, and a set of cluster head selection guidelines is formulated. Experimental results demonstrate that our proposed HSCS ensures a relatively low average intra-cluster delay while maintaining a longer cluster head retention time, and it exhibits commendable robustness.	10.1109/TNSM.2024.3390117
Marco Martalò, Giovanni Pettorru, Luigi Atzori	A Cross-Layer Survey on Secure and Low-Latency Communications in Next-Generation IoT	2024	Early Access	Internet of Things Surveys Security	The last years have been characterized by strong market exploitation of the Internet of Things (IoT) technologies in different application domains, such as Industry 4.0, smart cities, and eHealth. All the relevant solutions should properly address the security issues to ensure that sensor data and actuators are not under the control of malicious entities. Additionally, many applications should at the same time provide low-latency communications, as in the case for instance of remote control of industrial robots. Low latency and security are two of the most important challenges to be addressed for the successful deployment of IoT applications. These issues have been analyzed by several scientific papers and surveys that appeared in the last decade. However, few of them consider the two challenges jointly. Moreover, the security aspects are primarily investigated only in specific application domains or protocol levels and the latency issues are typically investigated only at low layers (e.g., physical, access). This paper addresses this shortcoming and provides a systematic review of state-of-the-art solutions for providing fast and secure IoT communications. Although the two requirements may appear to be in contrast to each other, we investigate possible integrated solutions that minimize device connection and service provisioning. We follow an approach where the proposals are reviewed by grouping them based on the reference architectural layer, i.e., access, network, and application layers. We also review the works that propose promising solutions that rely on the exploitation of the QUIC protocol at the higher levels of the protocol stack.	10.1109/TNSM.2024.3390543
Xiaojuan Wang, Yiqing Luo, Mingshu He, Xinlei Wang	A Semantic Detection Method for Network Flows With Global and Generalized Nature	2024	Early Access	Feature extraction Semantics Correlation	Network threat detection and identification are essential tasks in the defense of cyberspace. However, current network threat detection methods have limitations such as narrow feature extraction, targeted feature effects, and limited generalization performance. Therefore, there is a need for a more comprehensive understanding and description of network behavior. As a result, we propose a global and generalized method for semantic detection of network flow to enhance the definition of flow data and representation of network behavior. To improve the problem of narrow feature range in existing methods, this paper designs three feature embedding methods that represent global, temporal, and local semantic correlations from both temporal and spatial dimensions: global embedding, position embedding, and learning embedding. In order to overcome the problem of existing methods only targeting specific behaviours, this article focuses on constructing global correlation features to replace the detection mode of building an inherent feature set. By utilizing text analysis features, we extract global embedding features containing network flow relationship information by constructing a topology heterogeneous graph between flows and bytes. This is combined with position embedding and learning embedding to complete data detection and behavior classification through input into the transformer encoder. We validated the effectiveness of our method in three scenarios: the Internet, the Internet of Things, and encryption. The final experimental results demonstrated that our proposed method outperformed existing advanced models. Furthermore, after incorporating global embedding representing international correlation relationships, the model’s classification accuracy was further improved.	10.1109/TNSM.2024.3390180
Zhihuang Ma, Tingyu Li, Zichen Xu, Nelson L. S. da Fonseca, Zuqing Zhu	SFCache: Hybrid NF Synthesization in Runtime With Rule-Caching in Programmable Switches	2024	Early Access	Servers Noise measurement Pipelines	Data plane programmable (PDP) switches are becoming increasingly popular for network function virtualization (NFV), for their programmability and high packet processing performance. However, the inherent limitations of PDP switches, such as limited memory space, make it challenging to implement certain types of network functions (NFs) (i.e., the stateful ones) on them. This paper proposes SFCache, which combines PDP switches and commodity servers to achieve self-adaptive SFC deployment. SFCache aims to exploit the high packet processing performance of PDP switches while supporting the flexible deployment of a wide range of SFCs (including the stateful ones) with servers. Specifically, SFCache can dynamically improve the packet processing performance of the SFCs that were deployed on servers by selectively caching SFC-level packet processing rules on PDP switches. We design a few key components to facilitate SFCache, including an NF-destructed P4 pipeline that allows customizing packet processing rules in a match-rewrite pattern, a runtime NF synthesis method that can transform a set of NF-level match-rewrite rules into an equivalent SFC-level rule, and a count-min selection strategy to choose the best synthesized rule for being cached in PDP switch pipeline. We prototype SFCache with a PDP switch based on Tofino ASIC and a server, and demonstrate the effectiveness of our proposal experimentally.	10.1109/TNSM.2024.3390140
Mahzabeen Emu, Salimur Choudhury, Kai Salomaa	Stochastic Resource Optimization for Metaverse Data Marketplace By Leveraging Quantum Neural Networks	2024	Early Access	Metaverse Resource management Computational modeling	Metaverse can unleash the potentials of Internet of Sense (IoS) communication by intertwining objects and environment between physical world and parallel virtual world. In order to digitally experience smell or taste and navigate effortlessly in virtual reality, optimal resource allocation to strengthen sensing data based infrastructure system is a critical research challenge. The Metaverse Infrastructure Service Providers (MISPs) tap into data marketplace and subscribe to resources in advance for fulfilling the needs of data consumers and users. The demand of the data based services being uncertain, non-optimal subscription schemes may lead to unwanted resource wastage or shortage. Thus, we propose a Stochastic Integer Programming (SIP) model with two phase reservation and on-demand plans for optimal resource allocation in data marketplace. Further along this line, we strive to predict the demand by leveraging Quantum Neural Networks (QNN) that is able to learn with fewer historical data in comparison to classical machine/deep learning paradigms. Extensive simulation results justify that QNN as a supporting model can significantly reduce the computational complexities of SIP formulation. This research can contribute to reduce Metaverse resource fabrication costs, upgrade the profit margin for MISPs by increasing data based service sales revenue, provide real-time resource management decisions, and overall make real impacts in the virtual world.	10.1109/TNSM.2024.3389048
Everson S. Borges, Magnos Martinello, Vitor B. Bonella, Abraão J. dos Santos, Roberta L. Gomes, Cristina K. Dominicini, Rafael S. Guimarães, Gabriel T. Menegueti, Marinho Barcellos, Marco Ruffini	PoT-PolKA: Let the Edge Control the Proof-of-Transit in Path-Aware Networks	2024	Early Access	Routing Cryptography Proposals	This paper presents a scalable and efficient solution for secure network design that involves the selection and verification of network paths. The proposal addresses the challenges related to compliance policies by introducing a Proof-of-Transit (PoT) feasible implementation for path-aware programmable networks. Our approach relies on i) a source routing mechanism based on a fixed routeID representing a unique identifier per path, which serves as a key for PoT lookup tables; ii) the "in situ" that allows to collect telemetry information in the packet while the packet traverses a path. The former enables path selection with policy at the edge, while the later allows to perform path verification without extra probe-traffic. A P4 programmable language prototype demonstrates the effectiveness of this approach to protect against deviation attacks with low overhead. The results show its scalability considering the protocol overhead as the path length increases; a significant reduction in network’s forwarding state for fat-tree topologies depending on the workload per path (flows/path). Finally, experimental results show a RTT comparison evaluation, the impact of PoT computation, protection to path deviation and seamless path migration keeping flow protection.	10.1109/TNSM.2024.3389457
Jingjing Yang, Yuchun Guo, Yishuai Chen, Yongxiang Zhao	MicroNet: Operation Aware Root Cause Identification of Microservice System Anomalies	2024	Early Access	Microservice architectures Data aggregation Interference	Microservice architecture has been widely adopted in large-scale applications. However, it also brings new challenges to ensuring reliable performance and maintenance due to the huge volume of data and complex dependencies of microservices. Existing approaches still suffer from the over-aggregation of data, interference from anomaly propagation, and ignoration of component differences. To solve these issues, this paper builds a root cause diagnosis framework at the operation granularity, named as MicroNet. Since operations are subfunctions of microservices, recorded as invocation purposes, we propose the operation-centric perspective, to realize fine-grained data aggregation and operation-level anomaly backtracking. We decompose the diagnosis task into four phases: dependency graph construction, anomaly detection, anomaly evaluation, and culprit location. To construct the invocation dependency accurately, we propose the concept of meta call, defined as the triple (caller, operation, callee), the smallest unit that can be aggregated. Based on the dependency graph, we quantify the operation’s abnormality by analyzing the operation execution process, to backtrack the propagated anomalies. Then, we customize a personalized PageRank algorithm to identify the root cause in which invocation latency and different invocation relationships are considered simultaneously. Our experimental evaluation on an open dataset shows that MicroNet can effectively locate root causes with 90% mean average precision, outperforming state-of-the-art methods.	10.1109/TNSM.2024.3387552